16
Installation and Upgrades / Re: Squid and Dansguardian problem
« on: December 03, 2008, 11:17:18 am »
No, it's not transparent.
I may have problems having internal and external on the same subnet* (it's just for testing) but that isn't what is causing the following problem... well from what I know so far.
I will be changing the internal and external IPs tomorrow. I will see how it turns out and if it resolves the problem.
Thanks heaps Javi
P.S. My I.T. background is mostly networking
17
Installation and Upgrades / Re: Squid and Dansguardian problem
« on: December 02, 2008, 09:42:29 am »
Bump...
Really need to get this sorted.
Any help at all would be greatly appreciated
18
Installation and Upgrades / Re: Updating DNS with DHCP
« on: December 02, 2008, 09:41:02 am »
So you just want to set DNS with DHCP from the modem? Is the modem doing DHCP? Because in that case all you need to do is put the right DNS in the DHCP setup on the modem.
19
Installation and Upgrades / Re: Squid and Dansguardian problem
« on: December 02, 2008, 05:29:03 am »
Now I have found that Objects don't work either because when an Object is set to Allow All when everything else is set to Filter it adds another rule as shown:
Chain premodules (1 references)
target prot opt source destination
RETURN tcp -- 10.1.1.2 192.168.1.102 tcp dpt:3128
REDIRECT tcp -- anywhere 192.168.1.102 tcp dpt:3128 redir ports 3129
When I removed both of these rules and readded them manually it all worked fine.
Why is this failing when they are autoadded by ebox?
20
Installation and Upgrades / Re: Squid and Dansguardian problem
« on: December 02, 2008, 04:46:12 am »
This is what I did after fixing that iptables setting.
Setup an Object for a particular IP. I then added an Object Policy in Proxy to allow all on that object. I was then able to get to blocked pages. I then set it to Deny All and I was confronted with the Access denied page. I then removed the Object Policy for the object and I was still completely blocked.
This is where I put in the previous iptables command and it started to work again no problems. Is this a bug in ebox? Has anyone else experienced this?
21
Installation and Upgrades / Re: Squid and Dansguardian problem
« on: December 02, 2008, 04:31:25 am »
It seems that the problem may actually be with:
Chain premodules (1 references)
target prot opt source destination
REDIRECT tcp -- anywhere 192.168.1.102 tcp dpt:3128 redir ports 3129
I was testing a bit more and then lost connection once using filtering again. I couldn't get it to work until I did:
Code:
iptables -t nat -A premodules -p tcp -m tcp -d 192.168.1.102 --dport 3128 -j REDIRECT --to-ports 3129
22
Installation and Upgrades / Re: Squid and Dansguardian problem
« on: December 02, 2008, 03:08:02 am »
I have figured out what my problems were. I am pretty sure it is just because in testing I have both internal and external on the same network.
Internal is 192.168.1.101
External is 192.168.1.102
This is just for testing purposes to make sure it all worked before putting it in the way of the network. I will be changing the external IP to 192.168.0.1 and Internal to 192.168.1.1.
What I did to get this working was put the proxyip setting in dansguardian.conf to the ip of the internal NIC rather than localhost. I also had to set the acl localhosts to 192.168.1.102 in squid.conf.
What I am now wondering is when I change the NIC IP's as stated above... will setting these files back to localhost cause any problems?
Cheers
Turns out this doesn't actually seem to be the problem or fix
23
Installation and Upgrades / [SOLVED] Squid and Dansguardian problem
« on: December 02, 2008, 01:59:55 am »
Hey,
The problem so far:
Unable to use proxy at all unless I create a rule in the firewall section; "Filtering rules from external networks to eBox" that allows all source ports to be allowed through the squid port (3128).
Unable to use Proxy with filtering on. It doesn't get to dansguardian, it always comes up with the page "ERROR: The requested URL could not be retrieved"
If I put the dansguardian port into my proxy settings I can't get anywhere.
Here is some of my iptables config:
iptables -L
Chain iexternal (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:3129 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:3129 state NEW
ACCEPT udp -- anywhere anywhere udp dpt:3128 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:3128 state NEW
Chain imodules (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:route
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3129
DROP tcp -- anywhere anywhere state NEW tcp dpt:3128
iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
premodules all -- anywhere anywhere
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
postmodules all -- anywhere anywhere
SNAT all -- !192.168.1.101 anywhere to:192.168.1.101
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain postmodules (1 references)
target prot opt source destination
MASQUERADE all -- 10.1.1.0/24 anywhere
Chain premodules (1 references)
target prot opt source destination
REDIRECT tcp -- anywhere 192.168.1.102 tcp dpt:3128 redir ports 3129
This is set up as a non-transparent proxy on the default port and filter on the default port. The default proxy setting is to filter.
Cheers for the help
24
Installation and Upgrades / Re: need help firewall and Squid
« on: December 01, 2008, 05:51:43 am »
Hey poundjd,
You should be able to do this by putting the ebox in the way of the LAN and the modem. You will need 2 network cards in the server.
I'm pretty sure ebox doesn't have an option for setting up filters depending on time. Although you could set it up manually.
You could set it so only your kids' computers would have filtered internet by using static IPs on all computers. You can then put the IPs of your PCs in an unrestricted object.
25
Installation and Upgrades / Re: Email and LDAP
« on: December 01, 2008, 05:26:01 am »
Can you give any more information about your problem?
26
Installation and Upgrades / Re: Updating DNS with DHCP
« on: December 01, 2008, 05:24:43 am »
Probably be good to test it on a non-production server first.
28
Installation and Upgrades / Re: users cannot access their home directory - new install
« on: November 28, 2008, 02:06:58 am »
pdbedit -u <username> -v
User SID: S-1-5-21-3818554400-921237426-3143208535-****
Primary Group SID: S-1-5-21-3818554400-921237426-3143208535-****
Make sure all the numbers for User and Primary Group SID are the same except the ones after the last hyphen.
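The check described in the post above, as an added example that is not part of the original post: it reads `pdbedit -u <username> -v` output and compares everything before the last hyphen of the two SIDs. The function names `sid_domain` and `check_sids` are hypothetical, and the sample output and its SID values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data is constructed.

# sid_domain SID: print the SID without its final "-RID" component.
sid_domain() { printf '%s\n' "${1%-*}"; }

# check_sids: read `pdbedit -v` output on stdin.
# Returns 0 if User SID and Primary Group SID share the same domain part,
# 1 if they differ, 2 if either field is missing from the input.
check_sids() {
    user_sid='' group_sid=''
    while IFS= read -r line; do
        case $line in
            "User SID:"*)
                user_sid=$(printf '%s' "${line#*:}" | tr -d '[:space:]') ;;
            "Primary Group SID:"*)
                group_sid=$(printf '%s' "${line#*:}" | tr -d '[:space:]') ;;
        esac
    done
    if [ -z "$user_sid" ] || [ -z "$group_sid" ]; then
        echo "missing User SID or Primary Group SID in input" >&2
        return 2
    fi
    if [ "$(sid_domain "$user_sid")" = "$(sid_domain "$group_sid")" ]; then
        echo "OK: both SIDs are in $(sid_domain "$user_sid")"
        return 0
    fi
    echo "MISMATCH: user=$user_sid group=$group_sid"
    return 1
}

# Constructed sample: user and group in the same domain.
GOOD='Unix username:        alice
User SID:             S-1-5-21-1111111111-2222222222-3333333333-3000
Primary Group SID:    S-1-5-21-1111111111-2222222222-3333333333-513'

# Constructed sample: group SID carries a different domain part.
BAD='Unix username:        bob
User SID:             S-1-5-21-1111111111-2222222222-3333333333-3002
Primary Group SID:    S-1-5-21-4444444444-5555555555-6666666666-513'

printf '%s\n' "$GOOD" | check_sids
printf '%s\n' "$BAD" | check_sids || true
# On a real server: pdbedit -u <username> -v | check_sids
```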
29
Installation and Upgrades / Re: Firewall blocking Road Warriors
« on: November 26, 2008, 01:52:27 am »
I was unable to map the network drives of local computers without adding that rule... not the shares on the ebox. I could ping all the computers within the network but I couldn't get to their shares. Once the allow all rule was added I was able to.
Also, the ebox is behind a router with a firewall and only the openVPN port is forwarded to ebox.
30
Installation and Upgrades / Firewall blocking Road Warriors
« on: November 19, 2008, 04:59:03 am »
I was just wondering if the Firewall blocks access to most internal ports from remote VPN users.
I was attempting to Remote Desktop to a PC on the internal network remotely but was unable to do so. I also found that I was unable to map network drives.
I changed the firewall's "Filtering rules from external networks to internal networks" by adding an allow all rule. This fixed the problem... why is the VPN considered as being an external network?